In case you stumble upon what appears to be an account statement in your inbox, act with caution. It could be an email sent out by cybercriminals to distribute a piece of malware.
Both ThreatTrack Security and Dynamoo’s Blog have analyzed the spam run. The email address of the sender is spoofed to make it look like the message is coming from firstname.lastname@example.org.
The notifications, which have nothing to do with Sky, read something like this:
Please find attached the statement of account. We look forward to receiving payment for the December invoice as this is now due for payment.
The variant analyzed by Dynamoo’s Blog is pretty much the same, but it’s signed by “Carmela.”
The file attached to the fake notifications is not an invoice, but an archive that hides a .scr file. Currently, this piece of malware is detected by only 9 of the antivirus engines on Virus Total.
These emails first started making the rounds in late October 2013. A second wave was spotted at the beginning of December 2013. The last time these emails were landing in inboxes was January 2014.
Each time, the month and the name of the individual who signed the email are changed, but the rest of the bogus notification is usually the same.
If you come across such emails in your inbox, delete them immediately. If you’ve already executed the file in the attachment, scan your computer with an updated antivirus. Perform regular scans to ensure that no threats go undetected.